VNC Installation on Linux

VNCSERVER INSTALLATION ON LINUX

Note: Also applicable to tigervnc

yum install vncserver vino xorg-x11-*

vim /etc/sysconfig/vncservers

Add the following lines at the end of the file:

VNCSERVERS="1:root"

VNCSERVERARGS[1]="-geometry 1024x768 -localhost"

For multiple VNC instances, /etc/sysconfig/vncservers would look like this:

VNCSERVERS="1:tiger 2:albatros 3:leopard"

VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"

VNCSERVERARGS[2]="-geometry 800x600 -depth 8"

VNCSERVERARGS[3]="-geometry 1024x768 -depth 16"

These would listen on ports 5901, 5902, 5903 respectively.

Save and exit

vncpasswd <press enter>

Enter a password for VNC when prompted.

Then run:

vncserver :1

This starts the VNC server for session :1. You can create as many sessions as you want in the /etc/sysconfig/vncservers file above.

Edit the xstartup file:

vim /root/.vnc/xstartup

Uncomment the following lines:

unset SESSION_MANAGER

exec /etc/X11/xinit/xinitrc

and insert "gnome-session &" at the end of the file (Note: do not include the double quotes).

Comment out the following line:

#twm &

Save and exit

Kill the VNC server with the following command:

vncserver -kill :1

Then start it again:

vncserver :1

Download and install vncviewer on your local machine

Site for downloading vncviewer:

http://www.realvnc.com/products/download.html <Use the free edition>

Connect to the machine:

Start > All Programs > RealVNC > VNC Viewer 4 > Run VNC Viewer

Enter the IP/hostname of your machine followed by :1 and click OK.

Enter the password and click OK.

You will be connected.

Security

The VNC protocol is not a secure communication protocol. The use of a VNC password provides security at the level of server access (it's vulnerable to brute-force attacks though), but the whole VNC session is transmitted in the clear, without encryption. The easiest, yet most effective, way to secure our connection to the VNC server is to connect through an encrypted SSH tunnel. This way the whole session will be encrypted.

The rest assumes that you have the SSH server up and running on your remote machine (server.example.com) and that you know what SSH tunnels are.

So, what we are going to do is to create an encrypted tunnel, and connect to our VNC server through it. We also want this tunnel to be automatically closed as soon as we shut down vncviewer. All this is done with the following command:

ssh -f -L 25903:127.0.0.1:5903 leopard@server.example.com sleep 10; vncviewer 127.0.0.1::25903

This is what it does:

  • -L 25903:127.0.0.1:5903 forwards our local port 25903 to port 5903 on the remote machine. In other words, it creates the tunnel.
  • -f forks the SSH session to the background, while sleep is being executed on the remote machine. This ssh option is needed because we want to execute the following command (vncviewer) in the same local machine’s terminal.
  • vncviewer connects to the forwarded local port 25903 in order to connect to the VNC server through the encrypted tunnel.

The sleep command is of major importance in the above line as it keeps the encrypted tunnel open for 10 seconds. If no application uses it during this period of time, then it’s closed. Contrariwise, if an application uses it during the 10 sec period, then the tunnel remains open until this application is shut down. This way the tunnel is automatically closed at the time we close vncviewer’s window, without leaving any SSH processes running on our workstation. This is pure convenience! More information can be found at the Auto-closing SSH Tunnels article.

Using SSH tunnels to connect to your VNC server has two advantages:

  1. The whole session is encrypted.
  2. Keeping port 5903 open on your remote machine is no longer needed, since everything takes place through the SSH tunnel. So, no one will know that you run a VNC server on the remote machine.
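
The second advantage only holds if the VNC server itself is not listening on the network; the -localhost argument in the first configuration example is what restricts it to loopback. The script below is an added example, not part of the original post: it reads a vncservers-style file and reports, per display, the port and whether it is loopback-only. The function names and the sample file are constructed for illustration, and it assumes straight double quotes with one assignment per line.

```sh
#!/bin/sh
# Added example (not from the original post): list each display configured in a
# vncservers-style file, its TCP port (5900 + display), and whether the server
# is restricted to loopback with -localhost, i.e. reachable only via SSH tunnel.
# Assumes straight double quotes and one assignment per line.

audit_vncservers() {
    conf=$1
    exposed=0
    # VNCSERVERS="1:tiger 2:albatros" -> 1:tiger 2:albatros (last assignment wins)
    servers=$(sed -n 's/^[[:space:]]*VNCSERVERS="\([^"]*\)".*/\1/p' "$conf" | tail -n 1)
    for pair in $servers; do
        disp=${pair%%:*}
        user=${pair#*:}
        case $disp in
            ''|*[!0-9]*) echo "skip malformed entry: $pair"; continue ;;
        esac
        port=$((5900 + disp))
        # VNCSERVERARGS[N]="..." for this display; empty if the line is missing
        args=$(sed -n "s/^[[:space:]]*VNCSERVERARGS\[$disp\]=\"\([^\"]*\)\".*/\1/p" "$conf" | tail -n 1)
        case " $args " in
            *" -localhost "*)
                echo ":$disp $user $port loopback-only" ;;
            *)
                echo ":$disp $user $port network-reachable"
                exposed=$((exposed + 1)) ;;
        esac
    done
    # Non-zero exit status when at least one display listens beyond loopback
    [ "$exposed" -eq 0 ]
}

# Constructed sample, modelled on the multi-instance configuration above,
# with -localhost added to display 3 only.
write_sample() {
    cat > "$1" <<'EOF'
VNCSERVERS="1:tiger 2:albatros 3:leopard"
VNCSERVERARGS[1]="-geometry 1024x768 -depth 16"
VNCSERVERARGS[2]="-geometry 800x600 -depth 8"
VNCSERVERARGS[3]="-geometry 1024x768 -depth 16 -localhost"
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_vncservers "$sample" || echo "at least one display accepts direct connections"
rm -f "$sample"
```

On a real server, run audit_vncservers /etc/sysconfig/vncservers; any display reported as network-reachable still answers on its 590N port regardless of the SSH tunnel.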